9736021

Network Device and Method for Operating a Network Device for an Automation Network

Published: August 15, 2017
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
18 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A network device for an automation network, the network device being set up with help of a real-time application for providing a function of the network device, the real-time application having at least one predefined, updatable parameter, the network device comprising: a storage device operable to store update data for the updatable parameter in an update storage area and store application data for the real-time application in an application storage area, the update storage area and the application storage area being separate from one another; an application memory having a first memory address referring to the application storage area; and an update memory having a second memory address referring to the update storage area, wherein the updatable parameter comprises attack signatures, rule bases for a firewall, an intrusion detection system, or a combination thereof, wherein, during runtime of the real-time application, a first instance of the updatable parameter is stored in the application storage area, and a second instance of the updatable parameter is stored in the update storage area, the first and second instances of the updatable parameter initially being the same, wherein the second instance of the updatable parameter is updated by an update application such that the update data is written into the update storage area, and wherein the network device is configured such that, after the update data is written into the update storage area at a predefined update time, the first memory address referring to the application storage area is switched to the second memory address referring to the update storage area in which the update data is stored, the switch taking place deterministically within a predefined update timeslot during the runtime of the real-time application and without ending or restarting the real-time application.

2. The network device as claimed in claim 1, further comprising a memory address table operable to store the first memory address and the second memory address.

3. The network device as claimed in claim 1, wherein the network device is configured such that, after the update data is written into the update storage area, an item of status information for a status of the update storage area is modified, and such that the first memory address switches to the second memory address as a function of the item of status information.

4. The network device as claimed in claim 3, further comprising an access protection device configured to protect an access to the item of status information.

5. The network device as claimed in claim 4, wherein the access protection device comprises one or more semaphores.

6. The network device as claimed in claim 1, wherein the storage device comprises at least one further update storage area operable to store the update data for the updatable parameter, and at least one further application storage area for storing the application data for the real-time application, the at least one further update storage area and the at least one further application storage area being separate from one another, and wherein the network device is further configured such that, after the update data is written into the at least one further update storage area at the predefined update time, an at least one further first memory address referring to the at least one further application storage area switches to an at least one further second memory address referring to the at least one further update storage area in which the update data is stored, the switch taking place deterministically within a predefined update timeslot during the runtime of the real-time application.

7. The network device as claimed in claim 6, wherein the network device is further configured such that, after the update data is written into the at least one further update storage area, at least one further item of status information for a status of the at least one further update storage area is changed, and such that the switching of the at least one further first memory address to the at least one further second memory address takes place as a function of the at least one further item of status information.

8. The network device as claimed in claim 1, wherein the writing of the update data is executable as a function of a predefined validity of the updatable parameter.

9. The network device as claimed in claim 1, wherein the updatable parameter further comprises cryptographic keys, certificates, or the cryptographic keys and the certificates.

10. An automation network comprising: a plurality of network devices, each network device of the plurality of network devices set up with help of a real-time application for providing a function of the network device, the real-time application having at least one predefined, updatable parameter, each network device comprising: a storage device operable to store update data for the updatable parameter in an update storage area and store application data for the real-time application in an application storage area, the update storage area and the application storage area being separate from one another, wherein the updatable parameter comprises attack signatures, rule bases for a firewall, an intrusion detection system, or a combination thereof, wherein, during runtime of the real-time application, a first instance of the updatable parameter is stored in the application storage area, and a second instance of the updatable parameter is stored in the update storage area, the first and second instances of the updatable parameter initially being the same, wherein the second instance of the updatable parameter is updated by an update application such that the update data is written into the update storage area, and wherein the network device is configured such that, after the update data is written into the update storage area at a predefined update time, a first memory address referring to the application storage area is switched to a second memory address referring to the update storage area in which the update data is stored, the switch taking place deterministically within a predefined update timeslot during the runtime of the real-time application and without ending or restarting the real-time application, and wherein the automation network is configured such that a synchronized, simultaneous, or synchronized and simultaneous update of the updatable parameter is to be carried out on each network device of the plurality of network devices at the runtime.

11. A method for operating a network device for an automation network, which is set up with help of a real-time application for providing a function of the network device, the real-time application having at least one predefined, updatable parameter, the method comprising: storing a first instance of the updatable parameter in an application storage area, wherein the updatable parameter comprises attack signatures, rule bases for a firewall, an intrusion detection system, or a combination thereof; storing a second instance of the updatable parameter in an update storage area, wherein the application storage area and the update storage area are separate from one another, and wherein the first and second instances of the updatable parameter are initially the same; updating the second instance of the updatable parameter by an update application, therein creating update data; writing the update data for the updatable parameter into the update storage area; and switching, at a predefined update time, a first memory address referring to the application storage area to a second memory address referring to the update storage area in which the update data is stored, wherein after the update data is written into the update storage area, the switching takes place deterministically within a predefined update timeslot during runtime of the real-time application and without ending or restarting the real-time application.

12. A computer program product stored on a non-transitory computer readable storage medium, the computer program product including instructions for operating a network device for an automation network, the network device being set up with help of a real-time application for providing a function of the network device, the real-time application having at least one predefined, updatable parameter, the instructions being executable by one or more processors to: store a first instance of the updatable parameter in an application storage area, wherein the updatable parameter comprises attack signatures, rule bases for a firewall, an intrusion detection system, or a combination thereof; store a second instance of the updatable parameter in an update storage area, wherein the application storage area and the update storage area are separate from one another, and wherein the first and second instances of the updatable parameter are initially the same; update the second instance of the updatable parameter by an update application, therein creating update data; write the update data for the updatable parameter into the update storage area; and switch, at a predefined update time, a first memory address referring to the application storage area to a second memory address referring to the update storage area in which the update data is stored, wherein after the update data is written into the update storage area, the switch takes place deterministically within a predefined update timeslot during runtime of the real-time application and without ending or restarting the real-time application.

13. In a non-transitory computer-readable storage medium that stores a computer program with instructions executable by one or more processors to operate a network device for an automation network, which is set up with help of a real-time application for providing a function of the network device, the real-time application having at least one predefined, updatable parameter, the instructions comprising: storing a first instance of the updatable parameter in an application storage area, wherein the updatable parameter comprises attack signatures, rule bases for a firewall, an intrusion detection system, or a combination thereof; storing a second instance of the updatable parameter in an update storage area, wherein the application storage area and the update storage area are separate from one another, and wherein the first and second instances of the updatable parameter are initially the same; updating the second instance of the updatable parameter by an update application, therein creating update data; writing the update data for the updatable parameter into the update storage area; and switching, at a predefined update time, a first memory address referring to the application storage area to a second memory address referring to the update storage area in which the update data is stored, wherein after the update data is written into the update storage area, the switching takes place deterministically within a predefined update timeslot during runtime of the real-time application and without ending or restarting the real-time application.

14. The non-transitory computer-readable storage medium as claimed in claim 13, wherein the instructions further comprise storing, in a memory address table, the first memory address and the second memory address.

15. The non-transitory computer-readable storage medium as claimed in claim 13, wherein the instructions further comprise: modifying an item of status information for a status of the update storage area after the update data is written into the update storage area; and switching the first memory address to the second memory address as a function of the item of status information.

16. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the instructions further comprise protecting, with an access protection device, an access to the item of status information.

17. The non-transitory computer-readable storage medium as claimed in claim 16, wherein the access protection device comprises one or more semaphores.

18. The network device as claimed in claim 1, wherein the predefined update timeslot has a duration that is a function of an execution time of the update application.
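
The double-buffered switch recited in claims 1 to 3, sketched in C as an added illustration (not code from the patent or its inventors): two separate storage areas, a pair of addresses, and a status flag that gates the swap in the update timeslot. The port-list rule format and every name below are assumptions, and a C11 atomic flag stands in for the semaphore of claims 4 and 5.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_RULES 8

/* Constructed rule base for illustration: a list of blocked ports. */
struct rule_base { size_t count; unsigned port[MAX_RULES]; };

static struct rule_base area[2];                        /* two separate storage areas */
static _Atomic(struct rule_base *) app_addr = &area[0]; /* address used by the RT task */
static struct rule_base *upd_addr = &area[1];           /* address used by the updater */
static atomic_bool update_ready;                        /* status information */

/* Real-time path: one address load, then a bounded scan. */
bool rt_is_blocked(unsigned port) {
    const struct rule_base *rb = atomic_load_explicit(&app_addr, memory_order_acquire);
    for (size_t i = 0; i < rb->count; i++)
        if (rb->port[i] == port) return true;
    return false;
}

/* Update application: writes a complete rule base into the update area only. */
bool update_write(const unsigned *ports, size_t n) {
    if (n > MAX_RULES) return false;            /* reject an oversized update */
    if (atomic_load_explicit(&update_ready, memory_order_acquire))
        return false;                           /* previous update not switched in yet */
    memcpy(upd_addr->port, ports, n * sizeof *ports);
    upd_addr->count = n;
    atomic_store_explicit(&update_ready, true, memory_order_release);
    return true;
}

/* Called by the RT task in its update timeslot, between lookups, so no
   lookup still holds the old address. Constant time: the addresses swap. */
bool update_timeslot(void) {
    if (!atomic_load_explicit(&update_ready, memory_order_acquire)) return false;
    upd_addr = atomic_exchange_explicit(&app_addr, upd_addr, memory_order_acq_rel);
    atomic_store_explicit(&update_ready, false, memory_order_release);
    return true;
}

int main(void) {
    const unsigned v1[] = { 23 };               /* constructed sample update */
    update_write(v1, 1);
    update_timeslot();
    return rt_is_blocked(23) ? 0 : 1;
}
```

The new rules take effect only when `update_timeslot()` runs, never while `update_write()` is still copying, which is the property that lets the real-time application keep running without a restart.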

Patent Metadata

Filing Date

Unknown

Publication Date

August 15, 2017

Inventors

Kai Fischer
Jürgen Gessner
Angela Schattleitner

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Network Device and Method for Operating a Network Device for an Automation Network” (9736021). https://patentable.app/patents/9736021
